similar to: ssh setuid changes.

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

On Sat, Jan 7, 2017 at 2:30 PM, Peter Moody <mindrot at hda3.com> wrote: > so I spent a bit of time looking at this and it seems like the only > way to go, at least if I want to keep it in ssh_connect_direct(), is > to use pthreads. further, it seems like getting that accepted is > something of a long shot: Sorry, pthreads is a non-starter. I would have thought that using

Hello, I use hosts that are dual stack configured (IPv4 and IPv6) and it happens that connectivity through one or the other is broken and timeouts. In these case connection to the SSH server can take quite some time as ssh waits for the first address to timeout before trying the next. So I gave a stab at implementing RFC 8305. This patch implements part of it in sshconnect.c. * It does not do

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

In the current implementation, ssh always uses the hostname supplied by the user directly for the SSHFP DNS record lookup. This causes problems when using the domain search path, e.g. I have "search example.com" in my resolv.conf and then do a "ssh host", I will connect to host.example.com, but ssh will query the DNS for an SSHFP record of "host.", not

Changes since OpenSSH 6.4 ========================= This is a feature-focused release. New features: * ssh(1), sshd(8): Add support for key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange method is the default when both the client and server support it. * ssh(1), sshd(8): Add support for Ed25519 as a public key type. Ed25519 is a

http://bugzilla.mindrot.org/show_bug.cgi?id=418 dirk.meyer at dinoex.sub.org changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Miscellaneous |Build system ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

I am enclosing a context diff of the changes that I made to get openssh working on UWIN. UWIN is a UNIX operating system layer that runs on Win32 systems. For more information on UWIN go to http://www.research.att.com/sw/tools/uwin/. I also ran configure using -with-cppflags=-D_BSDCOMP=2. I don't know where that information would go with the source code. Let me know if you need more

Hello all, I recently have a problem with multiple addresses and address families. Problem is simple, i have some hosts with IPv4 access only and some with IPv6 access. This wouldn't be big problem if I had a stable IP addresses. But sometimes I move to another network with complete different addresses. So I created patch which on option BindAddress accept list of addresses. With ip I solved

Hi, i have written a patch for openSSH 5.8p2 which allows the user to set the local source port. The patch is as follows: diff -rupN openssh-5.8p2//readconf.c openssh-5.8p2-srcport//readconf.c --- openssh-5.8p2//readconf.c 2010-11-20 04:19:38.000000000 +0000 +++ openssh-5.8p2-srcport//readconf.c 2011-07-17 20:57:52.385044096 +0100 @@ -125,7 +125,7 @@ typedef enum { oGlobalKnownHostsFile2,

The attached patch adds a new 'ConnectTimeout' option (man page updated in patch) to avoid wasting time when the target host is down. I needed that because I was using rsync/rdist over ssh for massive files update and the default connect() took too long for my purpose. The patch was tested on Linux only, but I used a similar one for ssh 1.2.XX on Linux, Solaris and HP-UX without

Hello, My usage of ProxyCommand just calls the nc utility with various parameters. That in turn after the initial setup just copies copies the data from the network socket to stdin/stdout. This useless coping can be avoided if ssh has an option to receive the socket from the proxy command. I suppose it can improve network error reporting as ssh would talk directly to the network socket rather

Being rather aggrevated when testing at the enforced 1 second delay between each connection attempt and the useless 1 second delay done after all connection attempts have failed I wrote a patch to make the number of seconds delayed between each connection attempt configurable. Stephen -------------- next part -------------- diff -u --recursive openssh-2.3.0p1/ChangeLog

The openSSH ssh command appears to not use a source privileged port (no matter what the options/configs) if the target port isn't a privileged port. For example: ssh -p 22222 foo.ucla.edu would never try to connect from a privileged port. Even with useprivilegedport=yes. This disallows .shosts RSA host authentication without a password. This breaks compatability with ssh-1.2.27 and

Hi, I'm trying to compile openssh2.3.0p1 on aix3.2.5. Can I ignore this list of warning messages? bsd-bindresvport.c: In function `bindresvport_af': bsd-bindresvport.c:94: warning: implicit declaration of function `bind' bsd-rresvport.c: In function `rresvport_af': bsd-rresvport.c:64: warning: implicit declaration of function `bzero' bsd-rresvport.c:82: warning: implicit

Attached is the patch for the Cygwin port of 2.2.0p1. As usual I didn't attach the patch to `configure' but only the patch to `configure.in'. BTW: I have attached a gzip'd version of the patch since it's size is > 20K and I thought that it might be too big. The gzip'd diff is < 8K. What are "Small attachments (such as diff files) within the bounds of common

This patch avoids spending too much time during connect() when doing an ssh()/scp() on a down host. It uses a new client option called ConnectTimeout and is useful for rsync or rdist commands using ssh(). See http://bugzilla.mindrot.org/show_bug.cgi?id=207 for detailled info. -------------- next part -------------- --- openssh-3.6.1p1/readconf.c.ORIG Tue Apr 15 23:06:30 2003 +++

Here is the version of this patch for the last portable version of OpenSSH (3.5p1), as it is not included in the main tree. The patch avoids waiting to long when using ssh() or scp() on a down host, it is usefull when you have to update many hosts via rsync or rdist themselves relying upon ssh(). It enables a new option 'ConnectTimeout' to control exactly the timeout value, so that it can

Hi, there is a tiny bug in readconf.c: options->use_privileged_port is always set to 0 regardless of whether -P is specified or not. This has the effect that RhostsAuthentication is disabled even if "RhostsAuthentication yes" is specified. The (trivial) patch is appended below. Martin ======================================================================== Martin Siegert Academic

I would like to remove setsockopt(SO_LINGER), as there does not seem to be a reason for its use. If you know of specific reasons we should keep any of these let me know, or run this patch in local test trees where possible. This is against OpenBSD, but should apply to portable with some fuzz. Index: channels.c =================================================================== RCS file: